CN103369061B - Method for traversing two-level NAT, and NAT device - Google Patents

Method for traversing two-level NAT, and NAT device

Info

Publication number
CN103369061B
Authority
CN
China
Prior art keywords
nat device
port
pass
request message
service providing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210095933.4A
Other languages
Chinese (zh)
Other versions
CN103369061A (en
Inventor
何智勤
李瑾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Tanous Co
Original Assignee
Huawei Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Device Co Ltd filed Critical Huawei Device Co Ltd
Priority to CN201210095933.4A priority Critical patent/CN103369061B/en
Publication of CN103369061A publication Critical patent/CN103369061A/en
Application granted granted Critical
Publication of CN103369061B publication Critical patent/CN103369061B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the present invention provides a method for traversing two-level NAT, including: when a first-level NAT device receives a first traversal request message sent over the UPnP protocol by a service provider located in a private network, determining the port on which the first-level NAT device allows traversal; the first-level NAT device sends, over the PCP protocol, a second traversal request message to a second-level NAT device connected to a service requester in the external network, so as to determine the port on which the second-level NAT device allows traversal, so that the service requester in the external network communicates with the service provider in the private network through the port allowed by the first-level NAT device and the port allowed by the second-level NAT device. An embodiment of the present invention also provides a NAT device. The technical solution of the embodiments avoids the increase in technical complexity and the extra cost that upgrading a large number of network devices would bring.

Description

Method for traversing two-level NAT, and NAT device
Technical field
The present invention relates to the field of communication technologies, and in particular to a method for traversing two-level NAT and a NAT device.
Background
With the development of network technology and the growing variety of network application scenarios, networking in existing network environments is gradually evolving from single-level NAT (Network Address Translation) to two-level NAT, in order to solve problems such as IPv4 (Internet Protocol version 4) address exhaustion.
In the single-level networking mode (see Fig. 1a), access from the public network to the private network, that is, from the external network to the internal network, only needs to traverse one level of NAT device, whereas in the two-level networking mode (see Fig. 1b) it needs to traverse two levels of NAT devices.
In the prior art, traversal of a single level of NAT device is usually implemented with UPnP (Universal Plug and Play) technology or PCP (Port Control Protocol) technology. The UPnP approach suits network environments that connect to the external network through home network devices, but it does not support central office devices; the PCP approach suits network environments that connect to the external network through central office devices, but it does not support home network devices.
To adapt to the two-level networking mode, either the central office devices have to be upgraded so that they can be traversed in the UPnP manner, or the home network devices have to be upgraded so that they can be traversed in the PCP manner. However, because home network devices and central office devices are numerous and vary in configuration, such upgrades raise technical complexity and add extra cost.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to provide a method for traversing two-level NAT and a NAT device, to solve the prior-art problem that upgrading existing network devices raises technical complexity and adds extra cost.
A method for traversing two-level NAT provided by an embodiment of the present invention includes:
A first-level NAT device receives a first traversal request message sent over the UPnP protocol by a service provider located in a private network; the first-level NAT device determines, according to the first traversal request message, the port on which the first-level NAT device allows traversal; the first-level NAT device sends, over the PCP protocol, a second traversal request message to a second-level NAT device connected to a service requester in the external network, triggering the second-level NAT device to determine, according to the second traversal request message, the port on which the second-level NAT device allows traversal, so that the service requester in the external network communicates with the service provider in the private network through the port allowed by the first-level NAT device and the port allowed by the second-level NAT device.
An embodiment of the present invention also provides a NAT device that is communicatively connected to a service provider in a private network. The NAT device includes: a receiving unit, configured to receive a first traversal request message sent over the UPnP protocol by the service provider in the private network; a first determining unit, configured to determine, according to the first traversal request message, the port on which the NAT device allows traversal; and a sending unit, configured to send, over the PCP protocol, a second traversal request message to a NAT device connected to a service requester in the external network, triggering that NAT device to determine, according to the second traversal request message, the port on which it allows traversal, so that the service requester in the external network communicates with the service provider in the private network through the port allowed by the NAT device and the port allowed by the NAT device connected to the service requester.
In the technical solution provided by the present invention, when the first-level NAT device receives the first traversal request message sent over the UPnP protocol by the service provider in the private network, it determines the port on which the first-level NAT device allows traversal, and sends a second traversal request message over the PCP protocol to the second-level NAT device connected to the service requester in the external network, so as to determine the port on which the second-level NAT device allows traversal. The service requester in the external network then communicates with the service provider in the private network through the port allowed by the first-level NAT device and the port allowed by the second-level NAT device, which achieves traversal of the two levels of NAT devices between the private network and the external network. Two-level NAT traversal is achieved simply and quickly without modifying existing network devices, which avoids the increase in technical complexity and the extra cost that upgrading would bring.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the application, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
Fig. 1a is a schematic diagram of a single-level NAT device network environment in the prior art;
Fig. 1b is a schematic diagram of a two-level NAT device network environment in the prior art;
Fig. 2 is a flowchart of the method for traversing two-level NAT provided by method Embodiment one of the present invention;
Fig. 3 is a schematic diagram of the application scenario provided by method Embodiment two of the present invention;
Fig. 4 is a schematic diagram of the application scenario provided by method Embodiment three of the present invention;
Fig. 5 is a structural block diagram of the NAT device provided by device Embodiment four of the present invention.
Detailed description of the invention
To help a person skilled in the art better understand the technical solutions in the application, the technical solutions in the embodiments of the application are described clearly and completely below with reference to the accompanying drawings in the embodiments. Evidently, the described embodiments are only some rather than all of the embodiments of the application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the application without creative effort shall fall within the protection scope of the application.
To make the above objectives, features and advantages of the application clearer and easier to understand, the application is described in further detail below with reference to the accompanying drawings and specific embodiments.
Embodiment one
See Fig. 2, which shows an embodiment of the method for traversing two-level NAT provided by the present invention, namely Embodiment one. This embodiment applies to a network environment with two levels of NAT devices. In this embodiment, the first-level NAT device is connected to the service provider in the private network and forms the first-level NAT network. The first-level NAT device may also be connected to several other NAT devices, and each of those NAT devices may form a NAT network with the first-level NAT device. Here a NAT network can be understood as the local network formed when one NAT device has to translate the IP addresses in packets sent by another NAT device, a service provider or a service requester. In other words, the first-level NAT device may form several NAT networks of the same level with several other NAT devices; the NAT network formed by each such NAT device and the first-level NAT device may be called a second-level NAT network, and each such NAT device may be called a second-level NAT device. That is, one first-level NAT device may be connected to several second-level NAT devices.
For illustration, this embodiment assumes that the first-level NAT device is connected to one other NAT device; the network the two form may be called the second-level NAT network, and the other NAT device connected to the first-level NAT device may be called the second-level NAT device. If the first-level NAT device is instead connected to two or more other NAT devices, each of those NAT devices may likewise be called a second-level NAT device.
Similarly, another NAT device connected to the second-level NAT device may be called a third-level NAT device (in this embodiment, the other NAT devices connected to the second-level NAT device do not include the first-level NAT device), and the network formed by the second-level NAT device and the third-level NAT device may be called the third-level NAT network, and so on.
Note that in this embodiment the levels (first, second, third) are numbered starting from the NAT device connected to the service provider in the private network. The first-level, second-level or third-level NAT device may be any device with a NAT function, including but not limited to a CPE, home gateway, router, server or firewall. In the embodiments of the present invention, networks such as the private network and the external network (public network) are networks divided or isolated by network means; they are not restricted by how the network is implemented, for example by concepts such as wireless network or fixed network.
The method may include:
Step S201: The first-level NAT device receives a first traversal request message sent over the UPnP protocol by the service provider in the private network. In this embodiment, the first traversal request message carries the port that needs to be traversed on the first-level NAT device;
Step S202: Determine, according to the first traversal request message, the port on which the first-level NAT device allows traversal;
For network security reasons, services in a private network generally cannot be accessed directly by users on the external network (public network). To use a service provided in the private network, "traversal" must be implemented: the intermediate device connecting the private network and the external network (such as a NAT device) is required to open a certain port and allow access requests from the external network to reach the service provider in the private network, so that the service it provides can be used. Traversal is based on a negotiation with the NAT device initiated by the service provider in the private network, in which the two sides agree on the port on which the NAT device allows traversal. The negotiation is started by the service provider in the private network sending the first traversal message.
In this embodiment, the process in which the first-level NAT device determines, according to the first traversal request message, the port on which it allows traversal may include:
The first-level NAT device determines whether traversal can be allowed on the port carried in the first traversal request message;
When traversal can be allowed on the port carried in the first traversal request message, the first-level NAT device sets the state of that port to open, and may also send an acknowledgment message to the service provider in the private network over the UPnP protocol;
When traversal cannot be allowed on the port carried in the first traversal request message, the first-level NAT device negotiates with the service provider in the private network over the UPnP protocol to determine a port on which traversal is allowed;
In this embodiment, the process of negotiating with the service provider in the private network over the UPnP protocol to determine the port on which traversal is allowed may include:
The first-level NAT device sends, over the UPnP protocol, a message carrying information about a port on which traversal can be allowed to the service provider in the private network, so that the service provider decides whether to agree to the port offered by the first-level NAT device;
When the first-level NAT device receives an agreement message sent over the UPnP protocol by the service provider in the private network, it sets the state of the offered port to open;
When the first-level NAT device receives a disagreement message sent over the UPnP protocol by the service provider in the private network, it determines whether traversal can be allowed on the port carried in the disagreement message, and so on until the negotiation succeeds.
Or,
The first-level NAT device sends, over the UPnP protocol, a message telling the service provider in the private network to send the traversal request message again, so that the service provider resends a traversal request message, until the negotiation succeeds.
In this embodiment, the negotiation with the service provider to determine the port on which the first-level NAT device allows traversal may use the IGD (Internet Gateway Device) protocol of UPnP.
Step S203: The first-level NAT device sends, over the PCP protocol, a second traversal request message to the second-level NAT device connected to the service requester in the external network, triggering the second-level NAT device to determine, according to the second traversal request message, the port on which the second-level NAT device allows traversal, so that the service requester in the external network communicates with the service provider in the private network through the port allowed by the first-level NAT device and the port allowed by the second-level NAT device.
In this embodiment, the process in which the first-level NAT device sends the second traversal request message over the PCP protocol to the second-level NAT device connected to the service requester in the external network, triggering the second-level NAT device to determine the port on which it allows traversal, may include:
The first-level NAT device sends the second traversal request message to the second-level NAT device over the PCP protocol; the second traversal request message carries the port that needs to be traversed on the second-level NAT device;
The second-level NAT device determines whether traversal can be allowed on the port carried in the second traversal request message;
When traversal can be allowed on the port carried in the second traversal request message, the second-level NAT device sets the state of that port to open, and may also send an acknowledgment message to the first-level NAT device over the PCP protocol;
When traversal cannot be allowed on the port carried in the second traversal request message, the second-level NAT device negotiates with the first-level NAT device over the PCP protocol to determine a port on the second-level NAT device on which traversal is allowed;
In this embodiment, the process of negotiating with the first-level NAT device over the PCP protocol to determine the port on the second-level NAT device on which traversal is allowed may include:
The second-level NAT device sends, over the PCP protocol, a message carrying information about a port on which traversal can be allowed to the first-level NAT device, so that the first-level NAT device decides whether to agree to the port offered by the second-level NAT device, until the negotiation succeeds; or,
The second-level NAT device sends, over the PCP protocol, a message telling the first-level NAT device to send the traversal request message again, so that the first-level NAT device resends a traversal request message, until the negotiation succeeds.
In this embodiment, the port number of the port on which the first-level NAT device allows traversal and the port number of the port on which the second-level NAT device allows traversal may be the same or different.
The first-level NAT device may generate the second traversal request message and send it to the second-level NAT device as soon as it receives the first traversal request message; alternatively, it may generate the second traversal request message after determining the port on which the first-level NAT device allows traversal, and then send it to the second-level NAT device.
The labels "first" and "second" are used here to distinguish two kinds of traversal message: the first traversal message is sent only between the service provider in the private network and the NAT device directly connected to it (the first-level NAT device), whereas the second traversal message is sent between NAT devices.
In this embodiment, when the second-level NAT device is connected to the service requester in the external network, determining the port on which the second-level NAT device allows traversal amounts to traversing the two levels of NAT devices between the private network and the external network. This can be understood as "opening up" a channel through the NAT devices between the service provider in the private network and the service requester in the external network (public network). The service requester can access the service provider through this channel; that is, the service requester in the external network is connected to the service provider in the private network through the port allowed by the first-level NAT device and the port allowed by the second-level NAT device.
Optionally, in this embodiment, the second-level NAT device may not be directly connected to the service requester in the external network, that is, other NAT devices may exist between the second-level NAT device and the service requester. When a third-level NAT device exists between the second-level NAT device and the service requester in the external network, the second-level NAT device sends the second traversal request message to the third-level NAT device over the PCP protocol to determine the port on which the third-level NAT device allows traversal, which achieves traversal of three levels of NAT devices. If a fourth-level NAT device also exists between the third-level NAT device and the service requester in the external network, the third-level NAT device sends the second traversal request message to the fourth-level NAT device over the PCP protocol to determine the port on which the fourth-level NAT device allows traversal, which achieves traversal of four levels of NAT devices. Traversal of multiple levels of NAT devices is achieved in the same way.
In the technical solution for traversing two levels of NAT devices given in this embodiment, when the first-level NAT device receives the first traversal request message sent over the UPnP protocol by the service provider in the private network, it determines the port on which the first-level NAT device allows traversal, and sends a second traversal request message over the PCP protocol to the second-level NAT device connected to the service requester in the external network, so as to determine the port on which the second-level NAT device allows traversal. The service requester in the external network then communicates with the service provider in the private network through the port allowed by the first-level NAT device and the port allowed by the second-level NAT device, which achieves traversal of the two levels of NAT devices between the private network and the external network. Compared with the prior art, in this embodiment the service provider and the first-level NAT device (such as a home network device) use the UPnP approach to traverse the first-level NAT, and the first-level NAT device and the second-level NAT device connected to the service requester (such as a central office device) use the PCP approach. Two-level NAT traversal is achieved simply and quickly without modifying existing network devices, which avoids the increase in technical complexity and the extra cost that upgrading would bring.
Embodiment two
The embodiment above describes the technical solution. To make the technical content of the present invention easier to understand, it is illustrated below using a relatively simple network environment with two levels of NAT devices. See Fig. 3, which shows an application scenario of NAT device traversal in a two-level NAT device network environment; this method constitutes Embodiment two of the present invention. In this embodiment, the first-level NAT device is a home gateway connected to the home user's PC, and the second-level NAT device is a CGN (Carrier-grade NAT) device connected to an external host. The home user starts a WEB service application on the PC (the service provider) in the private network, and the external host in the external network (public network), acting as the service requester, needs to use this WEB service application.
Step S301: After the home user starts the WEB service on the PC, the PC sends a first traversal request message to the home gateway over the UPnP protocol; the first traversal request message carries the port that needs to be traversed on the home gateway.
Step S302: After receiving the first traversal request message, the home gateway determines the port on which the home gateway allows traversal when the external host accesses the home user's WEB service.
Step S303: After determining the port on which traversal is allowed, the home gateway sends a second traversal request message to the CGN device over the PCP protocol; the second traversal request message carries the port that needs to be traversed on the CGN device.
Step S304: The CGN device receives the second traversal request message and determines the port on which the CGN device allows traversal when the external host accesses the home user's WEB service;
Step S305: After the CGN device determines the port on which traversal is allowed, the external host accesses the WEB service provided by the home user through the two levels of NAT devices (the home gateway and the CGN).
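The sequence in steps S301 to S305, together with the per-level port determination of Embodiment one, as an added example that is not part of the patent text: a small Python model in which each NAT level picks a port it allows and then relays the request to the next level. The class and function names, the addresses, the allowed-port policy, the automatic acceptance of an offered alternative port and the rollback when an upstream level refuses are assumptions of this example; no real UPnP or PCP messages are built.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class NatDevice:
    """One NAT level. Addresses, ports and policy below are constructed."""
    name: str
    wan_ip: str
    allowed_ports: List[int]              # hypothetical policy: ports it may open
    upstream: Optional["NatDevice"] = None
    table: Dict[int, Tuple[str, int]] = field(default_factory=dict)

    def _determine_port(self, wanted: int) -> Optional[int]:
        """Requested port if allowed and free, else the first free allowed
        port (the alternative offered during negotiation), else None."""
        free = [p for p in self.allowed_ports if p not in self.table]
        if wanted in free:
            return wanted
        return free[0] if free else None

    def traversal_request(self, protocol: str, src_ip: str, src_port: int,
                          wanted: int, log: List[str]) -> Optional[int]:
        """Open a port for src_ip:src_port, then relay the request upstream
        over PCP. Returns the port opened on the outermost NAT, or None."""
        port = self._determine_port(wanted)
        if port is None:
            log.append(f"{self.name}: {protocol} request refused")
            return None
        self.table[port] = (src_ip, src_port)
        log.append(f"{self.name}: {protocol} opened {port} -> {src_ip}:{src_port}")
        if self.upstream is None:
            return port
        # Second traversal request: this device now asks the next level to
        # open a port that forwards to its own WAN side.
        outer = self.upstream.traversal_request("PCP", self.wan_ip, port, port, log)
        if outer is None:
            # Assumption of this example: do not leave a half-open path behind.
            del self.table[port]
            log.append(f"{self.name}: closed {port}, upstream refused")
        return outer


def resolve(devices: List[NatDevice], ip: str, port: int) -> Optional[Tuple[str, int]]:
    """Follow the open ports inward from a public ip:port to the host that
    finally receives the traffic; None if any level has no mapping."""
    by_ip = {d.wan_ip: d for d in devices}
    while ip in by_ip:
        entry = by_ip[ip].table.get(port)
        if entry is None:
            return None
        ip, port = entry
    return ip, port


def demo():
    """Embodiment two's scenario: PC web service behind home gateway and CGN."""
    cgn = NatDevice("CGN", "203.0.113.10", allowed_ports=[40000, 40001])
    gateway = NatDevice("home-gateway", "100.64.0.2", [8080, 8081], upstream=cgn)
    log: List[str] = []
    # First traversal request (UPnP): the PC at 192.168.1.20 serves on port 80
    # and asks the gateway for port 8080.
    outer_port = gateway.traversal_request("UPnP", "192.168.1.20", 80, 8080, log)
    return cgn, gateway, outer_port, log


if __name__ == "__main__":
    cgn, gateway, outer_port, log = demo()
    print("\n".join(log))
    print("external host connects to", cgn.wan_ip, outer_port,
          "and reaches", resolve([cgn, gateway], cgn.wan_ip, outer_port))
```

Listing each level's table after a request shows exactly which externally reachable port a single request from inside the private network has opened on the carrier-side NAT, including the case where the two levels end up with different port numbers.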
Embodiment three
The technical solution is illustrated below with another concrete example, which constitutes Embodiment three of the present invention. This embodiment applies to running P2P protocol software in the network after a one-level NAT network has been upgraded to a two-level NAT network.
P2P software is currently very widely used; common download tools such as "BT" and "eDonkey" are P2P software. An important feature of such software is fast downloading. The main reason is that every user device taking part in a download can also act as a "server" and offer downloads: while a user is downloading a file, other users can download from that user's device. From the point of view of a downloading user, the user is on the one hand a "user" downloading from many "servers" (every user device taking part in the download can be regarded as a server), and on the other hand a "server" for other users' downloads.
See Fig. 4, which shows the "traversal" process of P2P software in a two-level NAT device network environment. The steps of this embodiment include:
Step S401: The BT Client software on the user host in the private network establishes communication with the BT Server on the external network (public network), registers its device information, and obtains information about the available resources.
When a private network user starts the BT client to download a resource, the client first connects to the BT Server on the public network to register its information. The BT Server records information such as each BT client's post-NAT IP address and the port it uses, and also tells the client the IP address and port information of the devices holding the resources it needs, that is, the IP addresses and ports offered by other downloading users. In Fig. 4, for example, BT Client A and BT Client B both establish communication with the BT Server on the public network and obtain the information they need. However, because of the NAT devices in between, BT Client A cannot directly access the BT Server, and the BT Server cannot directly access BT Client A. NAT traversal is therefore needed between BT Client A (BT Client B) and the public network. The traversal process is described below using BT Client A as an example.
Step S402: BT Client A, which provides the download service to the BT Server, sends a first traversal request message to NAT device A over the UPnP protocol;
Step S403: NAT device A receives the first traversal request message and determines the port that NAT device A opens for the BT Server to access the client BT Client A;
As described above, the private network client opens the corresponding port according to the information provided by the server and waits for other downloading users' clients to connect, but the NAT device (such as a home gateway) blocks direct access from other clients. The private network client therefore negotiates over the UPnP protocol and uses UPnP-IGD to open a mapped port, allowing other clients to traverse the NAT device through the opened port, which achieves traversal of the first-level NAT device.
Step S404: After the negotiation succeeds, NAT device A sends a second traversal request message to NAT device B over the PCP protocol;
Step S405: After receiving the second traversal request message, NAT device B determines the port that NAT device B opens for the BT Server to access the client BT Client A;
Step S406: The client BT Client A and the BT Server perform NAT traversal and downloading through the ports opened on the NAT devices (NAT device A and NAT device B).
After the NAT devices open the ports, clients can traverse and download through the opened NAT interfaces.
Steps S401 and S402 in this embodiment are the same as in the single-level NAT case and work normally, but in steps S403 to S405 the connection between clients has to traverse the second NAT device (namely NAT B and NAT C). This is because, although each client negotiates over UPnP to open a mapped port on its first-level NAT device (namely NAT A and NAT D) and so allows the connection from both sides to traverse, the NAT device on the external network (public network) side also has to open a NAT port to allow external access. In this embodiment, after traversal of the first-level NAT device (NAT device A or NAT device D) has been set up successfully over UPnP, a PCP (Port Control Protocol) negotiation takes place between the first-level and second-level NAT devices (for example NAT device A and NAT device B, or NAT device D and NAT device C), and the traversal setting of the second-level NAT device is negotiated over PCP. The traversal configuration of both levels of NAT devices is thus completed together: the two levels can be configured dynamically and their traversal functions opened at the same time, consistently in time, which avoids applications being affected because the ports open at different times.
Embodiment four
The embodiments above are the method embodiments, given by the present invention, for traversing two levels of NAT devices. Correspondingly, the present invention also gives a device embodiment of a NAT device. Referring to Figure 5, the figure shows the structure of a NAT device provided by the present invention, i.e. embodiment four.
In this embodiment, the NAT device is connected to the service providing end of the private network, forming the first-level NAT network. The NAT device can be connected to other NAT devices, in which case the network formed between this NAT device and the other NAT device is the second-level NAT network. In this embodiment, the NAT device connected to the service providing end of the private network may be called the first-level NAT device.
For the purpose of illustration, this embodiment assumes that the above NAT device in the first-level NAT network is connected to one other NAT device. The network formed between this NAT device and the other NAT device may then be called the second-level NAT network, and the other NAT device connected to the NAT device in the first-level NAT network may be called the second-level NAT device, or the NAT device of the second-level NAT network. The NAT device of the second-level NAT network is connected to the service demand end of the external network.
In this embodiment, the NAT device in the first-level NAT network includes: a receiving unit 501, a first determining unit 502, a second determining unit 503, and a transmitting unit 504;
The receiving unit 501 is configured to receive the first traversal request message sent by the service providing end of the private network through the UPnP protocol. The first traversal request message carries the port on this NAT device that needs to be traversed;
The first determining unit 502 is configured to, when the receiving unit 501 receives the first traversal request message sent by the service providing end of the private network through the UPnP protocol, determine, according to the first traversal request message, the port that this NAT device allows to be traversed.
In this embodiment, the first determining unit 502 is specifically configured to determine whether the port to be traversed that is carried in the first traversal request message can be allowed to be traversed. When it determines that the port can be allowed to be traversed, it sets the state of that port to the open state and triggers the transmitting unit 504 to feed back a confirmation message to the service providing end of the private network through the UPnP protocol; when it determines that the port cannot be allowed to be traversed, it negotiates with the service providing end of the private network through the UPnP protocol to determine a port that is allowed to be traversed.
When the first determining unit 502 negotiates with the service providing end of the private network through the UPnP protocol to determine the port allowed to be traversed, it is further configured to trigger the transmitting unit 504 to send, through the UPnP protocol, information carrying the ports that can be allowed to be traversed to the service providing end of the private network, so that the service providing end of the private network determines whether to agree to the port allowed to be traversed that the first-level NAT device offers; and, when the receiving unit 504 receives the acceptance message sent by the service providing end of the private network through the UPnP protocol, to set the state of the port allowed to be traversed to the open state;
Alternatively, it triggers the transmitting unit 504 to send, through the UPnP protocol, information asking for the traversal request message to be sent again to the service providing end of the private network, so that the service providing end of the private network sends the traversal request message again, until the negotiation succeeds.
The second determining unit 503 is configured to generate a second traversal request message when the first determining unit 502 determines the port that this NAT device allows to be traversed. The second traversal request message carries the port that needs to be traversed on the NAT device connected to the service demand end of the external network. The second traversal request message is used to trigger the NAT device connected to the service demand end of the external network to determine the port that it allows to be traversed.
In this embodiment, the second determining unit 503 may also be configured to generate the second traversal request message when the receiving unit 501 receives the first traversal request message sent by the service providing end of the private network through the UPnP protocol.
In this embodiment, the transmitting unit 504 is configured to, when the second determining unit 503 generates the second traversal request message, send the second traversal request message through the PCP protocol to the NAT device connected to the service demand end of the external network, so as to trigger that NAT device to determine the port that it allows to be traversed.
With the NAT device provided by this embodiment, when the NAT device receives the first traversal request message sent by the service providing end of the private network through the UPnP protocol, it determines the port that this first-level NAT device allows to be traversed, and sends a second traversal request message through the PCP protocol to the NAT device connected to the service demand end of the external network, so as to determine the port that the NAT device connected to the service demand end of the external network allows to be traversed. The service demand end of the external network can then communicate with the service providing end of the private network through the port that this NAT device allows to be traversed and the port of the NAT device connected to the service demand end of the external network, so that traversal of the two levels of NAT devices between the private network and the external network is achieved. Compared with the prior art, the service providing end and this NAT device (for example, a home network device) in this embodiment use UPnP to achieve the first-level NAT traversal, while the first-level NAT device and the second-level NAT device connected to the service demand end (for example, central-office equipment) use PCP to achieve the second NAT traversal. Traversal of two levels of NAT devices is thus achieved quickly and conveniently without modifying conventional network equipment, which avoids the increase in technical complexity and the extra cost that upgrading would bring.
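The flow of embodiment four can be modelled as follows. This is an added example, not code from the patent: a first-level NAT device handles a UPnP port request, settles on a port, then sends a PCP request that the second-level NAT device validates before it opens its own port. The class and function names, port ranges and addresses are assumptions, and because the patent does not specify the PCP message, the RFC 6887 MAP request layout is assumed.

```python
import ipaddress
import os
import struct

PCP_VERSION, OPCODE_MAP, PROTO_TCP = 2, 1, 6  # RFC 6887 version/opcode, IANA protocol number

def build_pcp_map_request(client_ip, internal_port, suggested_port, lifetime=3600, nonce=None):
    """Encode a PCP MAP request: 24-byte common header plus 36-byte MAP body."""
    client = ipaddress.IPv6Address("::ffff:" + client_ip).packed   # IPv4-mapped client address
    any_v4 = ipaddress.IPv6Address("::ffff:0.0.0.0").packed        # no preferred external address
    header = struct.pack("!BBHI16s", PCP_VERSION, OPCODE_MAP, 0, lifetime, client)
    body = struct.pack("!12sB3sHH16s", nonce or os.urandom(12), PROTO_TCP, b"\0" * 3,
                       internal_port, suggested_port, any_v4)
    return header + body

def parse_pcp_map_request(packet):
    """Decode a PCP MAP request; raise ValueError if it is malformed."""
    if len(packet) < 60:
        raise ValueError("PCP MAP request is shorter than 60 bytes")
    version, opcode, _, lifetime, client = struct.unpack("!BBHI16s", packet[:24])
    if version != PCP_VERSION or opcode != OPCODE_MAP:  # a set top bit would mark a response
        raise ValueError("not a PCP version 2 MAP request")
    _, proto, _, internal_port, suggested_port, _ = struct.unpack("!12sB3sHH16s", packet[24:60])
    addr = ipaddress.IPv6Address(client)
    return {"client_ip": str(addr.ipv4_mapped or addr), "protocol": proto, "lifetime": lifetime,
            "internal_port": internal_port, "suggested_port": suggested_port}

class SecondLevelNat:
    """Second-level NAT device (NAT device B in the text): acts on the second traversal request."""
    def __init__(self, allowed_ports):
        self.allowed, self.open_ports = allowed_ports, {}

    def handle_pcp(self, packet, source_ip):
        try:
            req = parse_pcp_map_request(packet)
        except ValueError:
            return None
        port = req["suggested_port"]
        # RFC 6887 address check: the client address in the header must match the packet source.
        if req["client_ip"] != source_ip or port not in self.allowed or port in self.open_ports:
            return None
        self.open_ports[port] = (req["client_ip"], req["internal_port"])
        return port

class FirstLevelNat:
    """First-level NAT device (NAT device A): the units 501 to 504 of embodiment four."""
    def __init__(self, wan_ip, allowed_ports, second_level):
        self.wan_ip, self.allowed, self.second_level = wan_ip, allowed_ports, second_level
        self.open_ports = {}

    def _can_open(self, port):
        return port in self.allowed and port not in self.open_ports

    def handle_upnp(self, internal_client, requested_port, accepts_offer=True):
        """Process a first traversal request; accepts_offer models the provider's UPnP reply."""
        port = requested_port                                    # receiving unit
        if not self._can_open(port):                             # first determining unit
            port = next((p for p in self.allowed if self._can_open(p)), None)
            if port is None or not accepts_offer:                # offer refused: provider must resend
                return None
        self.open_ports[port] = internal_client                  # state set to open
        packet = build_pcp_map_request(self.wan_ip, port, port)  # second determining unit
        upstream = self.second_level.handle_pcp(packet, self.wan_ip)  # transmitting unit
        if upstream is None:
            # Assumption (not in the patent): close the first-level port again so the
            # two levels never disagree about what is open.
            del self.open_ports[port]
            return None
        return {"first_level_port": port, "second_level_port": upstream}

def demo():
    """Constructed scenario: BT clients behind one home gateway and one carrier-side NAT."""
    nat_b = SecondLevelNat(allowed_ports=range(6881, 6890))
    nat_a = FirstLevelNat("100.64.0.10", range(6881, 6890), nat_b)
    return nat_a, nat_b, [
        nat_a.handle_upnp("192.168.1.20", 6881),                     # allowed as requested
        nat_a.handle_upnp("192.168.1.21", 6881),                     # in use: negotiated to 6882
        nat_a.handle_upnp("192.168.1.22", 80, accepts_offer=False),  # refused, nothing opened
    ]

if __name__ == "__main__":
    for result in demo()[2]:
        print(result)
```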
The NAT device in the embodiments of the present invention is a device with NAT functionality; such devices include but are not limited to CPE, home gateways, routers, servers, firewalls and the like. The networks in the embodiments of the present invention, such as the private network and the external network (public network), refer to networks divided or isolated by network means and are not limited by the concrete network implementation, for example by concepts such as wireless network or fixed network.
For convenience of description, the above device is described as divided by function into various units. Of course, when implementing the application, the functions of the units can be implemented in one or more pieces of software and/or hardware.
From the description of the above embodiments, those skilled in the art can clearly understand that the application can be implemented by software plus the necessary general-purpose hardware platform. Based on this understanding, the technical solution of the application in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of the application or in certain parts of the embodiments.
The application can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and so on.
The application can be described in the general context of computer-executable instructions, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The application can also be practised in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.
The above is only the specific embodiments of the application. It should be noted that those of ordinary skill in the art can make several improvements and refinements without departing from the principle of the application, and these improvements and refinements should also be regarded as falling within the protection scope of the application.

Claims (15)

1. A method for traversing two-level NAT, characterized by comprising:
A first-level NAT device receives a first traversal request message sent through the UPnP protocol by a service providing end located in a private network;
The first-level NAT device determines, according to the first traversal request message, the port that the first-level NAT device allows to be traversed;
The first-level NAT device sends, through the Port Control Protocol (PCP), a second traversal request message to a second-level NAT device connected to a service demand end of an external network, triggering the second-level NAT device to determine, according to the second traversal request message, the port that the second-level NAT device allows to be traversed, so that the service demand end of the external network communicates with the service providing end of the private network through the port that the first-level NAT device allows to be traversed and the port that the second-level NAT device allows to be traversed.
2. The method according to claim 1, characterized in that the first traversal request message carries the port on the first-level NAT device that needs to be traversed, and the step in which the first-level NAT device determines, according to the first traversal request message, the port that the first-level NAT device allows to be traversed comprises:
Determining whether the port to be traversed that is carried in the first traversal request message can be allowed to be traversed;
When it is determined that the port to be traversed that is carried in the first traversal request message can be allowed to be traversed, the first-level NAT device sets the state of the port to be traversed to the open state.
3. The method according to claim 2, characterized in that the first traversal request message carries the port on the first-level NAT device that needs to be traversed, and the step in which the first-level NAT device determines, according to the first traversal request message, the port that the first-level NAT device allows to be traversed further comprises:
When it is determined that the port to be traversed that is carried in the first traversal request message cannot be allowed to be traversed, negotiating with the service providing end of the private network through the UPnP protocol to determine a port that is allowed to be traversed.
4. The method according to claim 3, characterized in that the step of negotiating with the service providing end of the private network through the UPnP protocol to determine a port that is allowed to be traversed comprises:
The first-level NAT device sends, through the UPnP protocol, information carrying the ports that can be allowed to be traversed to the service providing end of the private network, so that the service providing end of the private network determines whether to agree to the port allowed to be traversed that the first-level NAT device offers;
When the first-level NAT device receives the acceptance message sent by the service providing end of the private network through the UPnP protocol, it sets the state of the port allowed to be traversed to the open state.
5. The method according to claim 3, characterized in that the step of negotiating with the service providing end of the private network through the UPnP protocol to determine a port that is allowed to be traversed further comprises:
The first-level NAT device sends, through the UPnP protocol, information asking for the traversal request message to be sent again to the service providing end of the private network, so that the service providing end of the private network sends the traversal request message again.
6. The method according to claim 1, characterized in that the second traversal request message carries the port on the second-level NAT device that needs to be traversed, and the step in which the first-level NAT device sends, through the PCP protocol, the second traversal request message to the second-level NAT device connected to the service demand end of the external network, triggering the second-level NAT device to determine, according to the second traversal request message, the port that the second-level NAT device allows to be traversed, comprises:
The first-level NAT device sends the second traversal request message to the second-level NAT device through the PCP protocol, triggering the second-level NAT device to determine whether the port to be traversed that is carried in the second traversal request message can be allowed to be traversed.
7. The method according to claim 1, characterized in that the step in which the first-level NAT device sends, through the Port Control Protocol (PCP), the second traversal request message to the second-level NAT device connected to the service demand end of the external network comprises:
When the first-level NAT device receives the first traversal request message sent through the UPnP protocol by the service providing end located in the private network, it generates the second traversal request message at the same time;
The first-level NAT device sends the second traversal request message through the PCP protocol to the second-level NAT device connected to the service demand end of the external network.
8. The method according to claim 1, characterized in that the step in which the first-level NAT device sends, through the Port Control Protocol (PCP), the second traversal request message to the second-level NAT device connected to the service demand end of the external network further comprises:
When the port that the first-level NAT device allows to be traversed has been determined, generating the second traversal request message;
The first-level NAT device sends the second traversal request message through the PCP protocol to the second-level NAT device connected to the service demand end of the external network.
9. A NAT device, characterized in that the NAT device is communicatively connected to the service providing end of a private network, and the NAT device comprises:
A receiving unit, configured to receive a first traversal request message sent by the service providing end of the private network through the UPnP protocol;
A first determining unit, configured to determine, according to the first traversal request message, the port that the NAT device allows to be traversed;
A transmitting unit, configured to send, through the Port Control Protocol (PCP), a second traversal request message to the NAT device connected to the service demand end of an external network, triggering the NAT device connected to the service demand end of the external network to determine, according to the second traversal request message, the port that the NAT device connected to the service demand end of the external network allows to be traversed, so that the service demand end of the external network communicates with the service providing end of the private network through the port that the NAT device allows to be traversed and the port that the NAT device connected to the service demand end of the external network allows to be traversed.
10. The NAT device according to claim 9, characterized in that:
The receiving unit is specifically configured to receive the first traversal request message sent by the service providing end of the private network through the UPnP protocol, the first traversal request message carrying the port that needs to be traversed on the NAT device communicatively connected to the service providing end of the private network;
The first determining unit is specifically configured to determine whether the port to be traversed that is carried in the first traversal request message can be allowed to be traversed, and, when it is determined that the port to be traversed that is carried in the first traversal request message can be allowed to be traversed, the NAT device communicatively connected to the service providing end of the private network sets the state of the port to be traversed to the open state.
11. The NAT device according to claim 10, characterized in that the first determining unit is further configured to, when it is determined that the port to be traversed that is carried in the first traversal request message cannot be allowed to be traversed, negotiate with the service providing end of the private network through the UPnP protocol to determine a port that is allowed to be traversed.
12. The NAT device according to claim 11, characterized in that:
The transmitting unit is further configured to, when the first determining unit determines that the port to be traversed that is carried in the first traversal request message cannot be allowed to be traversed, send, through the UPnP protocol, information carrying the ports that can be allowed to be traversed to the service providing end of the private network, so that the service providing end of the private network determines whether to agree to the port allowed to be traversed that is offered by the NAT device communicatively connected to the service providing end of the private network;
The first determining unit is further configured to, when the receiving unit receives the acceptance message sent by the service providing end of the private network through the UPnP protocol, set the state of the port allowed to be traversed to the open state.
13. The NAT device according to claim 11, characterized in that the transmitting unit is further configured to, when the first determining unit determines that the port to be traversed that is carried in the first traversal request message cannot be allowed to be traversed, send, through the UPnP protocol, information asking for the traversal request message to be sent again to the service providing end of the private network, so that the service providing end of the private network sends the traversal request message again.
14. The NAT device according to claim 9, characterized by further comprising:
A second determining unit, configured to generate the second traversal request message when the first determining unit determines the port that the NAT device allows to be traversed, wherein the second traversal request message carries the port that needs to be traversed on the NAT device connected to the service demand end of the external network;
The transmitting unit is further configured to, when the second determining unit generates the second traversal request message, send the second traversal request message through the PCP protocol to the NAT device connected to the service demand end of the external network, so as to trigger the NAT device connected to the service demand end of the external network to determine the port that it allows to be traversed.
15. The NAT device according to claim 9, characterized by further comprising:
A second determining unit, configured to generate the second traversal request message when the receiving unit receives the first traversal request message sent by the service providing end of the private network through the UPnP protocol;
The transmitting unit is further configured to, when the second determining unit generates the second traversal request message, send the second traversal request message through the PCP protocol to the NAT device connected to the service demand end of the external network, so as to trigger the NAT device connected to the service demand end of the external network to determine the port that it allows to be traversed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210095933.4A CN103369061B (en) 2012-04-01 2012-04-01 A kind of method passing through two-stage NAT and NAT device


Publications (2)

Publication Number Publication Date
CN103369061A CN103369061A (en) 2013-10-23
CN103369061B true CN103369061B (en) 2016-08-24


Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
  Effective date of registration: 20180207
  Address after: California, USA
  Patentee after: Tanous Co.
  Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.
  Patentee before: HUAWEI DEVICE Co.,Ltd.
TR01 Transfer of patent right
  Effective date of registration: 20180207
  Address after: California, USA
  Patentee after: Global innovation polymerization LLC
  Address before: California, USA
  Patentee before: Tanous Co.
CF01 Termination of patent right due to non-payment of annual fee
  Granted publication date: 20160824
CF01 Termination of patent right due to non-payment of annual fee